shell bypass 403
<?php
include('../config/config.php');
$q = $_POST['q'];
$pro_name = $_POST['pro_name'];
$file1 = $_FILES['file1']['tmp_name'];
$file2 = $_FILES['file2']['tmp_name'];
$file3 = $_FILES['file3']['tmp_name'];
$file4 = $_FILES['file4']['tmp_name'];
$file5 = $_FILES['file5']['tmp_name'];
$file6 = $_FILES['file6']['tmp_name'];
$sql = "SELECT * FROM projects WHERE p_id = ".$q." ";
$res = $conn->query($sql);
while($row = $res->fetch_assoc()){
$im_show = $row['p_im_show'];
$check_path = substr($im_show,7,32);
}
$sql = "SELECT * FROM project_details WHERE p_pd_id = ".$q." ";
$res = $conn->query($sql);
$num_rows = $res->num_rows;
if($num_rows >= 6) {
echo 3;
}else{
$images = $_FILES['file1']['tmp_name'];
$images_name = $_FILES['file1']['name'];
$images1 = "upload/".$check_path."/".md5($date_current.$_FILES['file1']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file1']['tmp_name'],"../".$images1);
$sql1 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images1."',6,1)";
$res1 = $conn->query($sql1);
$images = $_FILES['file2']['tmp_name'];
$images_name = $_FILES['file2']['name'];
$images2 = "upload/".$check_path."/".md5($date_current.$_FILES['file2']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file2']['tmp_name'],"../".$images2);
$sql2 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images2."',6,2)";
$res2 = $conn->query($sql2);
$images = $_FILES['file3']['tmp_name'];
$images_name = $_FILES['file3']['name'];
$images3 = "upload/".$check_path."/".md5($date_current.$_FILES['file3']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file3']['tmp_name'],"../".$images3);
$sql3 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images3."',8,3)";
$res3 = $conn->query($sql3);
$images = $_FILES['file4']['tmp_name'];
$images_name = $_FILES['file4']['name'];
$images4 = "upload/".$check_path."/".md5($date_current.$_FILES['file4']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file4']['tmp_name'],"../".$images4);
$sql4 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images4."',4,4)";
$res4 = $conn->query($sql4);
$images = $_FILES['file5']['tmp_name'];
$images_name = $_FILES['file5']['name'];
$images5 = "upload/".$check_path."/".md5($date_current.$_FILES['file5']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file5']['tmp_name'],"../".$images5);
$sql5 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images5."',6,5)";
$res5 = $conn->query($sql5);
$images = $_FILES['file6']['tmp_name'];
$images_name = $_FILES['file6']['name'];
$images6 = "upload/".$check_path."/".md5($date_current.$_FILES['file6']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file6']['tmp_name'],"../".$images6);
$sql6 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images6."',6,6)";
$res6 = $conn->query($sql6);
$sql = "UPDATE projects SET p_status= 1 WHERE p_id=".$q."";
$res = $conn->query($sql );
if($res === true){
echo 1;
}else{
echo 0;
}
}
?>